PfSense + Squid + local network

  • Hi everybody,

    I am struggling since few days now with my setup and you are my last chance before leaving all as it is now...

    1/Pfsense as a FW. Everything which goes from my ISP box goes through it.
    Installed in a VM on ESXI.
    WAN IP:
    Lan IP:
    Acme package is installed and I have a certificate for my domain name and its subdomains

    2/Bitwarden setup in docker in another VM and accessible via
    No cert installed
    3/Nextcloud setup up in a jail within Freenas which is himself in another VM.
    Nextcloud could be reached via
    No cert installed

    I have an OVH domain name . which points my public IP
    I have two subdomains registered bw.
    . and nc.****. which are also pointing to my public IP

    What I am trying to do:
    Reach either Nextcloud or Bitwarden through nc.. or bw.. and use the global cert I have in PfSense.
    I do not want these VM to be reachable from outside of my own network

    I have followed serveral howto using Squid as a reverse proxy and this is definitely working but only when I make the port 443 accessible from outside (which I do not want).
    In this config, Nextcloud and Bitwarden benefits for the global cert and are reachable via the subdomains mentioned earlier.
    If I do not allow connection on 443, I lose the internal access to my VM.

    I also tried using HAProxy but results is exactly the same.
    I do not know where to look at anymore...

    Is any of you have an idea on how I could reach my target?
    I could provide whatever info you might estimate necessary to understand and fix.

    Many thanks in advance,



Log in to reply